Files
fizzy/config/brakeman.ignore
T
2026-02-02 18:06:19 +01:00

144 lines
5.7 KiB
Plaintext

{
"ignored_warnings": [
{
"warning_type": "SQL Injection",
"warning_code": 0,
"fingerprint": "4ea2e6d704b817af1d896dcdf148a89da8b9e428b3327497631ef8d9ed587307",
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/models/card/entropic.rb",
"line": 19,
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "active.joins(:board => :account).left_outer_joins(:board => :entropy).joins(\"LEFT OUTER JOIN entropies AS account_entropies ON account_entropies.account_id = accounts.id AND account_entropies.container_type = 'Account' AND account_entropies.container_id = accounts.id\").where(\"last_active_at > #{connection.date_subtract(\"?\", \"COALESCE(entropies.auto_postpone_period, account_entropies.auto_postpone_period)\")}\", Time.now)",
"render_path": null,
"location": {
"type": "method",
"class": "Card::Entropic",
"method": null
},
"user_input": "connection.date_subtract(\"?\", \"COALESCE(entropies.auto_postpone_period, account_entropies.auto_postpone_period)\")",
"confidence": "Weak",
"cwe_id": [
89
],
"note": "No user input allowed"
},
{
"warning_type": "Dangerous Send",
"warning_code": 23,
"fingerprint": "746ab8227e04231f0002e099e2f670bcc2b8927af85cdc69fab1440002d5c2a6",
"check_name": "Send",
"message": "User controlled method execution",
"file": "app/controllers/events/day_timeline/columns_controller.rb",
"line": 19,
"link": "https://brakemanscanner.org/docs/warning_types/dangerous_send/",
"code": "Current.user.timeline_for(day, :filter => ((Current.user.filters.find(params[:filter_id]) or Current.user.filters.from_params(filter_params)))).public_send(\"#{params[:id]}_column\")",
"render_path": null,
"location": {
"type": "method",
"class": "Events::DayTimeline::ColumnsController",
"method": "set_column"
},
"user_input": "params[:id]",
"confidence": "High",
"cwe_id": [
77
],
"note": ""
},
{
"warning_type": "SSL Verification Bypass",
"warning_code": 71,
"fingerprint": "8e566e1a52e48940c840541ea4e33f41a39dc0f2a97eb83c52e76f9582667a3c",
"check_name": "SSLVerify",
"message": "SSL certificate verification was bypassed",
"file": "app/models/zip_file/remote_io.rb",
"line": 41,
"link": "https://brakemanscanner.org/docs/warning_types/ssl_verification_bypass/",
"code": "Net::HTTP.new(@uri.hostname, @uri.port).verify_mode = OpenSSL::SSL::VERIFY_NONE",
"render_path": null,
"location": {
"type": "method",
"class": "ZipFile::RemoteIO",
"method": "with_http"
},
"user_input": null,
"confidence": "High",
"cwe_id": [
295
],
"note": "Required for internal PureStorage self-signed certificates. Only used for trusted internal storage URLs."
},
{
"warning_type": "Mass Assignment",
"warning_code": 70,
"fingerprint": "ac0fa1970dea215e2f47a5676ffd63d8728951e361da12a53dd424bf6dc46f2a",
"check_name": "MassAssignment",
"message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
"file": "app/helpers/pagination_helper.rb",
"line": 14,
"link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
"code": "params.permit!",
"render_path": null,
"location": {
"type": "method",
"class": "PaginationHelper",
"method": "pagination_link"
},
"user_input": null,
"confidence": "Medium",
"cwe_id": [
915
],
"note": ""
},
{
"warning_type": "Remote Code Execution",
"warning_code": 24,
"fingerprint": "b00571393e95a8c7d77b1ed963cfc5cc89333bc82f447cf8783549d817990305",
"check_name": "UnsafeReflection",
"message": "Unsafe reflection method `safe_constantize` called on model attribute",
"file": "app/models/notifier.rb",
"line": 8,
"link": "https://brakemanscanner.org/docs/warning_types/remote_code_execution/",
"code": "\"Notifier::#{Event.eventable.class}EventNotifier\".safe_constantize",
"render_path": null,
"location": {
"type": "method",
"class": "Notifier",
"method": "s(:self).for"
},
"user_input": "Event.eventable.class",
"confidence": "Medium",
"cwe_id": [
470
],
"note": ""
},
{
"warning_type": "SQL Injection",
"warning_code": 0,
"fingerprint": "bbd8fe3cbbc6b393df770d3142d6fa46e2b9441b21f48a52175211acaae4efad",
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/models/card/entropic.rb",
"line": 10,
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "active.joins(:board => :account).left_outer_joins(:board => :entropy).joins(\"LEFT OUTER JOIN entropies AS account_entropies ON account_entropies.account_id = accounts.id AND account_entropies.container_type = 'Account' AND account_entropies.container_id = accounts.id\").where(\"last_active_at <= #{connection.date_subtract(\"?\", \"COALESCE(entropies.auto_postpone_period, account_entropies.auto_postpone_period)\")}\", Time.now)",
"render_path": null,
"location": {
"type": "method",
"class": "Card::Entropic",
"method": null
},
"user_input": "connection.date_subtract(\"?\", \"COALESCE(entropies.auto_postpone_period, account_entropies.auto_postpone_period)\")",
"confidence": "Weak",
"cwe_id": [
89
],
"note": "No user input allowed"
}
],
"brakeman_version": "7.1.2"
}